The session has two flags, one for reading and another for writing. If the session is just read, we get it from the store but do not send a cookie a back to the client unless it was written.
This commit also adds Rack::Request#ssl? for convenience.
Signed-off-by: raggi <jftucker@gmail.com>

Reverts the hard test for a 'PUT' request method (8d01dc0) and
uses the Content-Type to determine whether to read into the
request body. The Request#POST method parses the request body
if (and only if) either of the following conditions are met:
1. The request's Content-Type is application/x-www-form-urlencoded
or multipart/form-data. Note: the REQUEST_METHOD is ignored in
this case.
2. The original REQUEST_METHOD is 'POST' and no Content-Type header
was specified in the request. Note that we use the REQUEST_METHOD
value before any modifications by the MethodOverride middleware.
This is very similar to how this worked prior to 8d01dc0 but
narrows the 'no Content-Type' special case to apply only to
POST requests. A PUT request with no Content-Type header would
trigger parsing before - with this change only POST requests
with no Content-Type trigger parsing.